USAF: Cyberspace represents a fifth, costly, realm of warfare

Once the USAF Cyber Command was effectively put on ice recently, coverage of the US military's approach to network warfare and defence also went away. The existing infrastructure and systems that had been in place prior to the attempted set up of Cyber Command still continue to operate and the head of US Strategic Command, General Kevin Chilton, recently spoke about a range of the issues being faced in operating the US military's lesser-classified networks.

General Chilton is continuing to support the concept that "cyberspace" represents a fifth realm of warfare, complementing air, land, sea, and space as the realms that battle will be conducted in into the future. This idea is one that still has its critics even though it has been in use since at least 1996.

Critics point to the pre-existence of Information and Electronic Warfare as formal warfare disciplines long before the idea of cyberspace came to prominence. Until it can be clearly demonstrated that cyberspace is somehow uniquely different from these prior forms of warfare (which it isn't), the use of the term suggests more buzzword than substance. The arguments that General Chilton puts forward for its differentiation, that it operates at the speed of light, can still be applied to Information and Electronic Warfare and do not do enough to actually differentiate cyberspace.

Setting aside the argument about whether it is a new realm of warfare or not, the US military has been struggling for some time with information systems that have been under increasingly sophisticated levels of attack, even without a formal conflict or enemy to blame for the attacks. General Chilton argues that not enough attention has been placed on how to manage and operate a network that is under sustained attack, calling it "The hardest thing we're challenged to do in cyberspace".

General Chilton acknowledges that many of the recorded breaches and attempted network probes are most likely non-military threats (people just looking for information/espionage), but still quantifying the cost of the overall breaches is a difficult proposition. For breaches to just one of the US military's lightly classified networks (NIPRNet), General Chilton reported that it could be costing the US military US$100 million per year, or even higher. One of the biggest problems is that no one really knows quite how much the breaches are costing it and just what sort of rate and quantity of data is actually leaving the military networks.

Without quantifiable information, the goal of actually managing and operating a network under attack can not really be carried out effectively.

Industry should observe closely whatever approach the US military takes in addressing this problem. Although the scale may not be the same, the same problems are also faced by corporate, education, and private networks. Any effective techniques and technologies developed for and implemented by the US military are likely to have ready re-application to other network environments. It may also be a chance for the US military to pick up on some of the practices in use on the best managed networks.

It can be argued that General Chilton has not really said anything that is new (except maybe some of the estimated figures associated with network breaches), but the fact that he is on record acknowledging that the problems exist is a great start towards actually fixing them.

What may be more telling is what wasn't said, that these problems actually threaten the core of Network Centric Warfare as a viable concept, and have done so for a while (disregarding vendor claims to the otherwise). Advocates of Network Centric Warfare should stop and listen to what Information Security experts have to say and understand that their pet warfare concepts have still got quite a way to go before they are robust enough to be viable on modern or future battlefields. Physically isolated networks still have a chance, but once a means is found to breach the isolation gap (be it through swamping satellite channels or otherwise) then isolated networks will face the same issues as the ones General Chilton was talking about.

Latest Videos

Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.

With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.

According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.